.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -1,9 +1 @@
-JSON-XS-2.27.tar.gz
-/JSON-XS-2.3.tar.gz
-/JSON-XS-2.32.tar.gz
-/JSON-XS-2.33.tar.gz
-/JSON-XS-2.34.tar.gz
-/JSON-XS-3.01.tar.gz
-/JSON-XS-3.02.tar.gz
-/JSON-XS-3.03.tar.gz
-/JSON-XS-3.04.tar.gz
+SOURCES/JSON-XS-3.04.tar.gz

.perl-JSON-XS.metadata

@@ -0,0 +1 @@
+582f874f3c4ad8a0bbf6986f7af2676a92e91b8a SOURCES/JSON-XS-3.04.tar.gz

JSON-XS-3.04-Fix-for-CVE-2025-40928.patch

@@ -1,40 +0,0 @@
-Fix for CVE-2025-40928
-
-Fix heap overflow causing crashes, possibly information disclosure or
-worse (CVE-2025-40928), and causes JSON::XS to accept invalid JSON texts
-as valid in some cases.
-
-diff -up JSON-XS-3.04/XS.xs.cve JSON-XS-3.04/XS.xs
---- JSON-XS-3.04/XS.xs.cve	2017-08-17 03:54:33.000000000 +0200
-+++ JSON-XS-3.04/XS.xs	2025-09-15 13:09:42.314411248 +0200
-@@ -247,16 +247,16 @@ json_atof_scan1 (const char *s, NV *accu
-   // if we recurse too deep, skip all remaining digits
-   // to avoid a stack overflow attack
-   if (expect_false (--maxdepth <= 0))
--    while (((U8)*s - '0') < 10)
-+    while (*s >= '0' && *s <= '9')
-       ++s;
- 
-   for (;;)
-     {
--      U8 dig = (U8)*s - '0';
-+      U8 dig = *s - '0';
- 
-       if (expect_false (dig >= 10))
-         {
--          if (dig == (U8)((U8)'.' - (U8)'0'))
-+          if (dig == (U8)('.' - '0'))
-             {
-               ++s;
-               json_atof_scan1 (s, accum, expo, 1, maxdepth);
-@@ -276,8 +276,8 @@ json_atof_scan1 (const char *s, NV *accu
-               else if (*s == '+')
-                 ++s;
- 
--              while ((dig = (U8)*s - '0') < 10)
--                exp2 = exp2 * 10 + *s++ - '0';
-+              while (*s >= '0' && *s <= '9')
-+                exp2 = exp2 * 10 + (*s++ - '0');
- 
-               *expo += neg ? -exp2 : exp2;
-             }

SPECS/perl-JSON-XS.spec

@@ -2,13 +2,11 @@ Name:           perl-JSON-XS
 Summary:        JSON serializing/de-serializing, done correctly and fast
 Epoch:          1
 Version:        3.04
-Release:        4%{?dist}
+Release:        3%{?dist}
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/JSON-XS/
 Source0:        http://www.cpan.org/authors/id/M/ML/MLEHMANN/JSON-XS-%{version}.tar.gz
-# Fix for CVE-2025-40928 in upstream since 4.04
-Patch1:         JSON-XS-3.04-Fix-for-CVE-2025-40928.patch
 # Build
 BuildRequires:  coreutils
 BuildRequires:  gcc
@@ -17,7 +15,6 @@ BuildRequires:  perl-devel
 BuildRequires:  perl-generators
 BuildRequires:  perl-interpreter
 BuildRequires:  perl(Canary::Stability)
-BuildRequires:  perl(Config)
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:  sed
 # Module Runtime
@@ -42,75 +39,40 @@ BuildRequires:  perl(warnings)
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 
 %{?perl_default_filter}
+%{?perl_default_subpackage_tests}
 
 %description
 This module converts Perl data structures to JSON and vice versa. Its
 primary goal is to be correct and its secondary goal is to be fast. To
 reach the latter goal it was written in C.
 
-%package tests
-Summary:        Tests for %{name}
-BuildArch:      noarch
-Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
-Requires:       perl-Test-Harness
-
-%description tests
-Tests from %{name}. Execute them
-with "%{_libexecdir}/%{name}/test".
-
 %prep
 %setup -q -n JSON-XS-%{version}
-%patch -P1 -p1
 
 sed -i 's/\r//' t/*
-perl -MConfig -pi -e 's|^#!/opt/bin/perl|$Config{startperl}|' eg/*
+perl -pi -e 's|^#!/opt/bin/perl|#!%{__perl}|' eg/*
 chmod -c -x eg/*
 
-# Help generators to recognize Perl scripts
-for F in t/*.t; do
-    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!\s*perl}{$Config{startperl}}' "$F"
-    chmod +x "$F"
-done
-
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" NO_PACKLIST=1
 make %{?_smp_mflags}
 
 %install
 make pure_install DESTDIR=%{buildroot}
-# Install tests
-mkdir -p %{buildroot}%{_libexecdir}/%{name}
-cp -a t %{buildroot}%{_libexecdir}/%{name}
-cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
-#!/bin/sh
-cd %{_libexecdir}/%{name} && exec prove -I . -j "$(getconf _NPROCESSORS_ONLN)"
-EOF
-chmod +x %{buildroot}%{_libexecdir}/%{name}/test
-# Correct permissions
 %{_fixperms} -c %{buildroot}
 
 %check
-export HARNESS_OPTIONS=j$(perl -e 'if ($ARGV[0] =~ /.*-j([0-9][0-9]*).*/) {print $1} else {print 1}' -- '%{?_smp_mflags}')
 make test
 
 %files
 %doc Changes README eg/
 %license COPYING
-%{_bindir}/json_xs
-%{perl_vendorarch}/auto/JSON/
-%{perl_vendorarch}/JSON/
-%{_mandir}/man1/json_xs.1*
-%{_mandir}/man3/JSON::XS.3*
-%{_mandir}/man3/JSON::XS::Boolean.3*
-
-%files tests
-%{_libexecdir}/%{name}
+%{perl_vendorarch}/*
+%exclude %dir %{perl_vendorarch}/auto
+%{_bindir}/*
+%{_mandir}/man[13]/*
 
 %changelog
-* Mon Sep 15 2025 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.04-4
-- Resolves: RHEL-113630 - Fix CVE-2025-40928
-- Package tests
-
 * Wed Feb 21 2018 Paul Howarth <paul@city-fan.org> - 1:3.04-3
 - Specify all dependencies
 

gating.yaml

@@ -1,7 +0,0 @@
-# RHEL
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

plans/sanity.fmf

@@ -1,5 +0,0 @@
-summary: Sanity tests
-discover:
-    how: fmf
-execute:
-    how: tmt

sources

@@ -1 +0,0 @@
-SHA512 (JSON-XS-3.04.tar.gz) = 69c2e199385b5b5e331d905b64805304de80e1a3b393acaf7dce21c45254b1f23f1a83b246dcd3a80c2cfdadaf8ce3634ee587c469629cb69106f0c2239c73db

tests/upstream-tests.fmf

@@ -1,12 +0,0 @@
-summary: Upstream tests
-contact: Jitka Plesnikova <jplesnik@redhat.com>
-component: perl-JSON-XS
-require: perl-JSON-XS-tests
-test: /usr/libexec/perl-JSON-XS/test
-enabled: true
-tag:
-  - rhel-buildroot
-adjust:
-  - enabled: false
-    when: distro < rhel-8 or distro < centos-stream-8
-    continue: false